Microsoft

Asp.Net

13 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Medienbericht
  • EPSS 11.21%
  • Veröffentlicht 21.04.2026 19:20:50
  • Zuletzt bearbeitet 27.06.2026 05:16:44

Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

  • EPSS 0.56%
  • Veröffentlicht 08.09.2025 13:53:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Executi...

  • EPSS 0.59%
  • Veröffentlicht 08.07.2025 14:31:45
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Weak authentication in EOL ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor...

Exploit
  • EPSS 0.91%
  • Veröffentlicht 11.03.2025 16:58:54
  • Zuletzt bearbeitet 02.07.2025 14:25:46

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network.

  • EPSS 12.54%
  • Veröffentlicht 27.05.2010 19:00:01
  • Zuletzt bearbeitet 16.06.2026 23:19:56

Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.

Exploit
  • EPSS 9%
  • Veröffentlicht 27.05.2010 19:00:01
  • Zuletzt bearbeitet 16.06.2026 23:19:57

ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site scripting (XSS) attacks against the form control via the __VIEWSTATE parameter.

Exploit
  • EPSS 58.74%
  • Veröffentlicht 23.03.2006 11:06:00
  • Zuletzt bearbeitet 16.06.2026 22:22:32

Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly reque...

Exploit
  • EPSS 17.83%
  • Veröffentlicht 12.07.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:14:29

aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop) via a crafted SOAP message to an RPC/Encoded method.

  • EPSS 18.85%
  • Veröffentlicht 18.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:13:27

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application's state has changed, ...

  • EPSS 40.33%
  • Veröffentlicht 18.05.2005 04:00:00
  • Zuletzt bearbeitet 16.06.2026 22:13:27

The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup.